Debian Security Advisory

glibc -- local root exploit

Date Reported:
02 Sep 2000
Affected Packages:
libc6, libc6.1
Security database references:
In Mitre's CVE dictionary: CVE-2000-0824, CVE-2000-0844.
More information:
Recently two problems have been found in the glibc suite, which could be used to trick setuid applications to run arbitrary code.

The first problem is the way handles environment variables: In order to provide a safe environment for setuid applications it removes certain the environment variables that can influence application execution such as LD_PRELOAD and LD_LIBRARY_PATH. Unfortunately there was a bug that could cause to not remove them under some conditions. This would affect setuid applications if they execute another binary without dropping privileges or cleaning up the environment themselves.

The second problem is the locale handling in glibc. glibc checks for characters like `/' in the LANG and LC_* environment variables to see if someone is trying to trick a program into reading arbitrary files. Unfortunately there were some logic errors in those checks which could be used to make a setuid application use arbitrary files for localization settings, which can be exploited to trick it into executing arbitrary code.

These problems have been fixed in version for Debian GNU/Linux 2.1 (slink) and 2.1.3-13 for Debian GNU/Linux 2.2 (potato). We recommend that you upgrade your glibc package immediately.

Fixed in:

Debian GNU/Linux 2.1 (slink)


Debian GNU/Linux 2.2 (potato)

Architecture-independent component: